similar to: sshd and PAM

Hi, There have been a bunch of useful submissions for the compare /contrast thread. To reduce the load on your mailbox, they are gathered here in one go... Roger. Date: Wed, 28 Oct 1998 15:11:37 +0000 From: "David L. Sifry" <dsifry@linuxcare.com> To: "Matthew S. Crocker" <matthew@crocker.com> CC: Rob Bringman <rob@trion.com>,

-----BEGIN PGP SIGNED MESSAGE----- Hi, I''ve got several replies, thank you for them. Let me summarize: o Many people say there is a PAMified version of ssh available at ftp://ftp.replay.com/pub/crypto/redhat/SRPMS (the source) ftp://ftp.replay.com/pub/crypto/redhat/i386 (Intel binaries) (there are analogous paths for the other architectures). The packages are made by Jan

Greetings all, I'm needing to set up a new ftp server which will primarily be a public server (i.e. "anonymous" logins). I'll also need to set up some "group" logins for controlled "incoming" access (doesn't _have_ to be on the same sever). Aside: I can't see a (mini-)HOWTO on public ftp server setup - is there really not one? Given the recent

I just set up RH 5.2 on my PC and since I'll have cable soon I'll keep the PC on 24/24. So i'll need to secure the box so it doesn't gets hacked... what are the basic files I have to secure... or what can I install to secure the box in some way. I would like to give access to some of my m8s tho ... So I can't completely lock the incoming traffic .. Please help me out of this

I would like to allow certain types of ICMP traffic and not others. Is there a way, with ipfwadm do this? I currently either can deny access to ICMP for what I want or allow it. Any good examples out there? [mod: Please summarize in about a week, OK? -- REW] -- -- #include <std_disclaimer.h> Peter Kelly Email: pkelly@ETS.net PGP Public key: http://www.ets.net/pkelly/pgp.html Key

I was wondering if any one has had any experiance using ssyslogd. http://www.core-sdi.com/ssyslog/ Secure Syslog v1.21 I have read a bit about it, but have been unable to find any good linux reference. I was wondering if people have been using it with any success. And if not, are there any other encrypted syslog solutions out there? [mod: Please reply to Mark, he'll summarize in about a

Hello all, Ok, so all this talk has prompted my group to consider installing a firewall. It looks like the most economical approach would be to drop in a machine running linux between our router and our switch to perform this function. We have a 100Mbit full duplex connection here (to other routers on campus), so we would like to be able to pump data through the firewall at this rate. Is

Can anyone provide me with their (fairly) impartial opinion on which major current distribution (Debian 1.2 or Red Hat 4.0) provides better security? I have heard a lot of people sticking up for their favorite, but few real facts/insights on them from a security point of view. Red Hat seems to be favored by novices for no-brainer installation and graphical configuration programs (which

Hey linux-security-ers: I just compiled/installed Pine 4.02 for my RH 5.0 machine today (didn't see an RPM last time I checked ftp.redhat.com:/pub/contrib), and after I got it installed, it kept giving me errors about not being able to create a lockfile when dinking with my mailspool in /var/spool/mail. After doing some digging on DejaNews and the Pine website, I find a document who says the

Hi, I''ve been thinking about group membership and the corresponding (weak) restrictions to system resources. Consider the following: % cat > gsh.c main() { system("/bin/sh"); } % cc -o gsh gsh.c % id uid=100(joe) gid=500(users) groups=14(floppy),15(sound) % chgrp sound gsh % chmod g+s gsh % mail abuser Subject: You owe me $5...

Marek Michalkiewicz <marekm@I17LINUXB.ISTS.PWR.WROC.PL> wrote: : It seems that most of the RedHat 5.3.12 security patches are in the : standard 5.4.17, except for the patch below. Also, there are more : (different) fixes in 5.4.18 (check h_length against sizeof(sin_addr) : in inet/rcmd.c and inet/rexec.c). : + { : +

Phexro <ieure@linknet.kitsap.lib.wa.us> writes: > chroot()''d processes. So, important system calls could be modified thus: Since there are tons of syscalls and new ones appearing all the time, "Fixing" some of them doesn''t seem like a good idea. It seems more reasonbale to deny access to all of them, except for a few specific ones (that can moreover be

If it''s any help, here''s a sed script that is reasonably good at pulling out suspicious-looking items generated by various daemons. Fix appropriately... _H* ========== # this should match a buncha different stuff / [Pp]ermi/b ff / PERMI/b ff / [Rr]efuse/b ff / REFUSE/b ff / [Dd]en[yi]/b ff / DEN[YI]/b ff /[Rr]eject/b ff /REJECT/b ff /[Bb]ogus/b ff /[Pp]assw/b ff /PASSW/b ff

[mod: This is the second time in a week that someone asks this question: is it a new attack? It sure looks to me like "userland" has completely locked up, but that the kernel is still working. As an isolated case, my diagnosis is: You probably have a bad block in your /bin/login program or something like that. When two people report this in a week, it's starting to become unlikely

-----BEGIN PGP SIGNED MESSAGE----- > Date: Fri, 2 May 1997 12:33:00 -0500 > From: "Thomas H. Ptacek" <tqbf@ENTERACT.COM> > On almost all Unix operating systems, having superuser access in a > chroot() jail is still dangerous. In some recent revisions of 4.4BSD > operating systems, root can trivially escape chroot(), as well. I was thinking about possible attacks

The instructions in RHSA-2000:037-01 (2.2.16 kernel update) tell you: 4. Solution: For each RPM for your particular architecture, run: rpm -Fvh [filename] where filename is the name of the RPM. These instructions are incomplete and may result in a system that is unbootable. After updating the RPM files, you should also: (1) run mkinitrd to create a new initial ramdisk image

Any user with shell access, or with access to upload a cgi script can exploit this to make machine thrash badly. Seems to circumvent any limits in the kernel Here are my settings dlai@whale.home.org:/home/dlai?limit cputime unlimited filesize 20000 kbytes datasize 8192 kbytes stacksize 8192 kbytes coredumpsize 1000000 kbytes memoryuse 8192 kbytes descriptors

Hi. I don''t know if this one is known, but I can''t recall seeing anything about it. If it is old news I apologize. I discovered a bug in the inetd that comes with NetKit-B-0-08 and older. If a single SYN is sent to port 13 of the server, inetd will die of Broken Pipe: write(3, "Sun Jan 12 21:50:35 1997\r\n", 26) = -1 EPIPE (Broken pipe) --- SIGPIPE (Broken pipe) ---

While sudo is used to give fairly trusted users the ability to run programs with root privs, there exists a hole in the one in the RedHat contrib directory (sudo 1.5.9.p4) which allows a minimally trusted user to obtain full root access and privilege. If a user is given the opportunity to run any program, that user can fool sudo and obtain any level of privilege for any executable. Assume

Hello! Well-known thing is abusive use of ping abillity to fill out the ICMP packet with '+++ATH0', which will cause hangup on 'bad' modems. The defense, at the clinet side, is to add 'S2=255' to modem settings. This 'technique' is used in irc wars, and other abusive attacks, and shell providers have a lot of problems with that. There are two ways to forbid users